FreshRSS

🔒
❌ About FreshRSS
☷
△ 🔃
There are new available articles, click to refresh the page.
Before yesterdaySecurity

Google’s Authenticator App Now Lets You Sync 2FA Codes Across Devices

By Matt Burgess
You can now sync sign-in codes across devices—but they aren’t end-to-end encrypted.

New SLP Vulnerability Could Let Attackers Launch 2200x Powerful DDoS Attacks

By Ravie Lakshmanan
Details have emerged about a high-severity security vulnerability impacting Service Location Protocol (SLP) that could be weaponized to launch volumetric denial-of-service attacks against targets. "Attackers exploiting this vulnerability could leverage vulnerable instances to launch massive Denial-of-Service (DoS) amplification attacks with a factor as high as 2,200 times, potentially making it

Iranian Hackers Launch Sophisticated Attacks Targeting Israel with PowerLess Backdoor

By Ravie Lakshmanan
An Iranian nation-state threat actor has been linked to a new wave of phishing attacks targeting Israel that's designed to deploy an updated version of a Windows backdoor called PowerLess. Cybersecurity firm Check Point is tracking the activity cluster under its mythical creature handle Educated Manticore, which exhibits "strong overlaps" with a hacking crew known as APT35, Charming Kitten,

Modernizing Vulnerability Management: The Move Toward Exposure Management

By The Hacker News
Managing vulnerabilities in the constantly evolving technological landscape is a difficult task. Although vulnerabilities emerge regularly, not all vulnerabilities present the same level of risk. Traditional metrics such as CVSS score or the number of vulnerabilities are insufficient for effective vulnerability management as they lack business context, prioritization, and understanding of

Lazarus Subgroup Targeting Apple Devices with New RustBucket macOS Malware

By Ravie Lakshmanan
A financially-motivated North Korean threat actor is suspected to be behind a new Apple macOS malware strain called RustBucket. "[RustBucket] communicates with command and control (C2) servers to download and execute various payloads," Jamf Threat Labs researchers Ferdous Saljooki and Jaron Bradley said in a technical report published last week.  The Apple device management company attributed it

Google Cloud Introduces Security AI Workbench for Faster Threat Detection and Analysis

By Ravie Lakshmanan
Google's cloud division is following in the footsteps of Microsoft with the launch of Security AI Workbench that leverages generative AI models to gain better visibility into the threat landscape.  Powering the cybersecurity suite is Sec-PaLM, a specialized large language model (LLM) that's "fine-tuned for security use cases." The idea is to take advantage of the latest advances in AI to augment

Google Authenticator App Gets Cloud Backup Feature for TOTP Codes

By Ravie Lakshmanan
Search giant Google on Monday unveiled a major update to its 12-year-old Authenticator app for Android and iOS with an account synchronization option that allows users to back up their time-based one-time passwords (TOTPs) to the cloud. "This change means users are better protected from lockout and that services can rely on users retaining access, increasing both convenience and security,"

Double zero-day in Chrome and Edge – check your versions now!

By Paul Ducklin
Wouldn't it be handy if there were a single version number to check for in every Chromium-based browser, on every supported platform?

Intel Let Google Cloud Hack Its New Secure Chips and Found 10 Bugs

By Lily Hay Newman
To protect its Confidential Computing cloud infrastructure and gain critical insights, Google leans on its relationships with chipmakers.

Russian Hackers Tomiris Targeting Central Asia for Intelligence Gathering

By Ravie Lakshmanan
The Russian-speaking threat actor behind a backdoor known as Tomiris is primarily focused on gathering intelligence in Central Asia, fresh findings from Kaspersky reveal. "Tomiris's endgame consistently appears to be the regular theft of internal documents," security researchers Pierre Delcher and Ivan Kwiatkowski said in an analysis published today. "The threat actor targets government and

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

By Ravie Lakshmanan
Threat actors are employing a previously undocumented "defense evasion tool" dubbed AuKill that's designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack. "The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying

Study: 84% of Companies Use Breached SaaS Applications - Here's How to Fix it for Free!

By The Hacker News
A recent review by Wing Security, a SaaS security company that analyzed the data of over 500 companies, revealed some worrisome information. According to this review, 84% of the companies had employees using an average of 3.5 SaaS applications that were breached in the previous 3 months. While this is concerning, it isn't much of a surprise. The exponential growth in SaaS usage has security and

Hackers Exploit Outdated WordPress Plugin to Backdoor Thousands of WordPress Sites

By Ravie Lakshmanan
Threat actors have been observed leveraging a legitimate but outdated WordPress plugin to surreptitiously backdoor websites as part of an ongoing campaign, Sucuri revealed in a report published last week. The plugin in question is Eval PHP, released by a developer named flashpixx. It allows users to insert PHP code pages and posts of WordPress sites that's then executed every time the posts are

How fiends abuse an out-of-date Microsoft Windows driver to infect victims

It's like those TV movies where a spy cuts a wire and the whole building's security goes out

Ransomware spreaders have built a handy tool that abuses an out-of-date Microsoft Windows driver to disable security defenses before dropping malware into the targeted systems.…

  • April 24th 2023 at 11:30
  • ↗

New All-in-One "EvilExtractor" Stealer for Windows Systems Surfaces on the Dark Web

By Ravie Lakshmanan
A new "all-in-one" stealer malware named EvilExtractor (also spelled Evil Extractor) is being marketed for sale for other threat actors to steal data and files from Windows systems. "It includes several modules that all work via an FTP service," Fortinet FortiGuard Labs researcher Cara Lin said. "It also contains environment checking and Anti-VM functions. Its primary purpose seems to be to

Russian Hackers Suspected in Ongoing Exploitation of Unpatched PaperCut Servers

By Ravie Lakshmanan
Print management software provider PaperCut said that it has "evidence to suggest that unpatched servers are being exploited in the wild," citing two vulnerability reports from cybersecurity company Trend Micro. "PaperCut has conducted analysis on all customer reports, and the earliest signature of suspicious activity on a customer server potentially linked to this vulnerability is 14th April 01

That 3CX supply chain attack keeps getting worse: Other vendors hit

Also, Finland sentences CEO of breach company to prison (kind of), and this week's laundry list of critical vulns

In Brief We thought it was probably the case when the news came out, but now it's been confirmed: The X_Trader supply chain attack behind the 3CX compromise last month wasn't confined to the telco developer.…

  • April 24th 2023 at 03:27
  • ↗

Chinese scientists calculate the Milky Way's mass as 805 billion times that of our Sun

ALSO: Australia says offensive hacking is working; DJI hit with $279m patent suit; Philippines Police leak data; and more

Asia In Brief Chinese scientists have estimated the mass of the Milky Way.…

  • April 24th 2023 at 00:29
  • ↗

Hacker Group Names Are Now Absurdly Out of Control

By Andy Greenberg
Pumpkin Sandstorm. Spandex Tempest. Charming Kitten. Is this really how we want to name the hackers wreaking havoc worldwide?

Weekly Update 344

By Troy Hunt
Weekly Update 344

I feel like a significant portion of this week's video went to discussing "the Coinbase breach that wasn't a Coinbase breach". There are various services out there that are used by the likes of password managers to alert their customers to new breaches (including HIBP in 1Password) and whoever Dashlane is using frankly, royally cocked up the attribution. What was a garden variety list of email addresses someone had just chucked the "Coinbase" name on had absolutely nothing to do with a breach of the crypto company. It's frustrating to watch, and I suspect that will come through when you watch the video too. See what you think.

Weekly Update 344
Weekly Update 344
Weekly Update 344
Weekly Update 344

References

  1. I take an inordinate amount of pleasure in screwing with scammers / spammers (and judging by the reactions to that thread, so do you! 🤣)
  2. Misattributing a data breach can be a pretty serious issue, and Dashlane's provider incorrectly implicating Coinbase as having been pwned isn't a good look (I'm especially frustrated given how much time I invest doing verification so precisely this doesn't happen!)
  3. Domain searches via API are coming to HIBP! (that's a link to a "started" UserVoice idea, vote there if you'd like to be kept in the loop on progress)
  4. I'm trialling using a Twitter subscription to provide earlier insights into breaches and seek community support in handling and disclosing them (no need to explicitly let me know if that's not of interest, just don't sign up 🙂)
  5. Sponsored by: Kolide ensures only secure devices can access your cloud apps. It's Zero Trust tailor-made for Okta. Book a demo today.

Criminals Are Using Tiny Devices to Hack and Steal Cars

By Matt Burgess
Apple thwarts NSO’s spyware, the rise of a GPT-4 black market, Russia targets Starlink internet connections, and more.

Vulkan Files

By /u/Snoo_27235
submitted by /u/Snoo_27235
[link] [comments]

European air traffic control confirms website 'under attack' by pro-Russia hackers

Another cyber nuisance in support of Putin's war, nothing too serious

Europe's air-traffic agency appears to be the latest target in pro-Russian miscreants' attempts to disrupt air travel.…

  • April 22nd 2023 at 07:09
  • ↗

Lazarus X_TRADER Hack Impacts Critical Infrastructure Beyond 3CX Breach

By Ravie Lakshmanan
Lazarus, the prolific North Korean hacking group behind the cascading supply chain attack targeting 3CX, also breached two critical infrastructure organizations in the power and energy sector and two other businesses involved in financial trading using the trojanized X_TRADER application. The new findings, which come courtesy of Symantec's Threat Hunter Team, confirm earlier suspicions that the

CISA Adds 3 Actively Exploited Flaws to KEV Catalog, including Critical PaperCut Bug

By Ravie Lakshmanan
The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Friday added three security flaws to its Known Exploited Vulnerabilities (KEV) catalog, based on evidence of active exploitation. The three vulnerabilities are as follows - CVE-2023-28432 (CVSS score - 7.5) - MinIO Information Disclosure Vulnerability  CVE-2023-27350 (CVSS score - 9.8) - PaperCut MF/NG Improper Access Control

Microsoft pushes for more women in cybersecurity

Redmond tops industry average, still got a way to go

Microsoft has partnered with organizations around the globe to bring more women into infosec roles, though the devil is in the details.…

  • April 21st 2023 at 22:03
  • ↗

VMware patches break-and-enter hole in logging tools: update now!

By Paul Ducklin
You know jolly well/What we're going to say/And that's "Do not delay/Simply do it today."

❌